CN110311850A - A kind of network-based data processing method and electronic equipment - Google Patents

Publication number
CN110311850A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910599639.9A
Other languages
Chinese (zh)
Inventor
朱志龙
隋鹤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN201910599639.9A
Publication of CN110311850A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4633: Interconnection of networks using encapsulation techniques, e.g. tunneling
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

This application discloses a network-based data processing method and an electronic device. The method includes: intercepting a target packet, extracting specific first data from the target packet, and obtaining from the first data first type information that characterizes the type of the target packet; obtaining, according to the recorded content of the first data, second type information of the current message body in the target packet; and judging, according to the first type information and the second type information, whether the intercepted target packet meets a preset pass condition, and processing the target packet according to the judgment result. The method is simple and easy to use. It can intercept packets sent to a target device and accurately judge whether a packet meets the preset pass condition, in particular whether the packet was constructed using HTTP tunneling, and process it accordingly, avoiding missed detections and false positives and effectively improving network security.

Description

A network-based data processing method and electronic device
Technical field
This application relates to the field of network communication, and in particular to a network-based data processing method and an electronic device.
Background
With the rapid development of informatization and IT, network technology is applied ever more widely and deeply. While networks speed up business processing, the importance of network security technology becomes more prominent; network security is the premise and foundation for safeguarding the development of cyberspace. In building a secure network environment, the packets that users send over the network need to be controlled. For example, access control policies configured on a firewall can protect the intranet: firewalls are generally configured to allow access to the external network on HTTP destination ports such as 80 or 8080, so that intranet users can reach external resources through these ports while access to other ports is forbidden, thereby protecting intranet resources. However, some special network behaviors have now appeared, such as behavior based on HTTP tunneling, which lets intranet users penetrate the firewall and access any external resource without being discovered or blocked by it. This is extremely unsafe. There is currently no effective way to control such behavior, and it cannot be accurately identified, which seriously threatens network security.
Summary of the invention
The embodiments of this application aim to provide a network-based data processing method and an electronic device. The method is simple and easy to use and can accurately judge whether a packet meets a preset pass condition, in particular whether the packet was constructed using HTTP tunneling, and process it accordingly, effectively improving network security.
To solve the above technical problem, the embodiments of this application adopt the following technical solution: a network-based data processing method, the method comprising:
intercepting a target packet, extracting specific first data from the target packet, and obtaining from the first data first type information that characterizes the type of the target packet;
obtaining, according to the recorded content of the first data, second type information of the current message body in the target packet;
judging, according to the first type information and the second type information, whether the intercepted target packet meets a preset pass condition, and processing the target packet according to the judgment result.
Preferably, judging, according to the first type information and the second type information, whether the intercepted target packet meets the preset pass condition, and processing the target packet according to the judgment result, comprises:
obtaining, based on the first type information, the first feature code corresponding to the first type information from a preset feature library;
comparing the first feature code with the second type information and, when the content they characterize is the same, judging that the target packet meets the preset pass condition.
Preferably, the method further comprises:
when the first feature code corresponding to the first type information is not found in the preset feature library, considering that the target packet meets the preset pass condition.
Preferably, obtaining the second type information of the current message body in the target packet is specifically:
determining the data characteristics of the message body and generating a corresponding second feature code according to the data characteristics, wherein the second feature code characterizes the type of the message body.
Preferably, processing the target packet according to the judgment result comprises:
when the target packet meets the preset pass condition, passing the target packet so that it is sent to the target device;
when the target packet does not meet the preset pass condition, discarding the target packet, wherein the preset pass condition includes that the target packet is not a packet constructed using an HTTP tunnel.
Preferably, intercepting the target packet, extracting the specific first data from the target packet, and obtaining from the first data the first type information that characterizes the type of the target packet is specifically:
intercepting a target packet based on the HTTP protocol, extracting the header data from the target packet, and obtaining from the header data a first field that characterizes the type of the target packet.
Preferably, obtaining, according to the recorded content of the first data, the second type information of the current message body in the target packet comprises:
determining the message body in the target packet according to the length field in the header data, so as to obtain the second type information of the message body.
The embodiments of this application also provide an electronic device, comprising:
an obtaining module, configured to intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information that characterizes the type of the target packet; and to obtain, according to the recorded content of the first data, second type information of the current message body in the target packet;
a processing module, configured to judge, according to the first type information and the second type information, whether the intercepted target packet meets a preset pass condition, and to process the target packet according to the judgment result.
Preferably, the processing module is further configured to:
obtain, based on the first type information, the first feature code corresponding to the first type information from a preset feature library;
compare the first feature code with the second type information and, when the content they characterize is the same, judge that the target packet meets the preset pass condition.
Preferably, the processing module is further configured to:
when the first feature code corresponding to the first type information is not found in the preset feature library, consider that the target packet meets the preset pass condition.
The beneficial effects of the embodiments of this application are as follows: the method is simple and easy to use. It can intercept packets sent to a target device and accurately judge whether a packet meets the preset pass condition, in particular whether the packet was constructed using HTTP tunneling, and process it accordingly, avoiding missed detections and false positives and effectively improving network security.
Brief description of the drawings
Fig. 1 is a flowchart of the data processing method of an embodiment of this application;
Fig. 2 is a flowchart of one specific embodiment of step S3 in Fig. 1;
Fig. 3 is a flowchart of another specific embodiment of step S3 in Fig. 1;
Fig. 4 is a flowchart of a specific embodiment of the data processing method of an embodiment of this application;
Fig. 5 is a structural schematic diagram of the electronic device of an embodiment of this application.
Detailed description of the embodiments
The various schemes and features of this application are described herein with reference to the accompanying drawings.
It should be understood that various modifications can be made to the embodiments described herein. The above description should therefore not be regarded as limiting, but only as examples of embodiments. Those skilled in the art will conceive of other modifications within the scope and spirit of this application.
The accompanying drawings, which are included in and form part of the specification, show embodiments of this application and, together with the general description given above and the detailed description of the embodiments given below, serve to explain the principles of this application.
These and other characteristics of this application will become apparent from the following description, with reference to the drawings, of preferred forms of the embodiments given as non-limiting examples.
It should also be understood that, although this application is described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of this application that have the features set out in the claims and therefore fall within the scope of protection they define.
The above and other aspects, features and advantages of this application will become more apparent from the following detailed description when read in conjunction with the accompanying drawings.
Specific embodiments of this application are described below with reference to the drawings. It should be understood, however, that the described embodiments are only examples of this application, which can be implemented in various ways. Well-known and/or repeated functions and structures are not described in detail, to avoid obscuring this application with unnecessary or redundant detail. The specific structural and functional details described herein are therefore not intended to be limiting, but serve only as a basis for the claims and as a representative basis for teaching those skilled in the art to use this application in substantially any appropriately detailed structure.
This specification may use the phrases "in one embodiment", "in another embodiment", "in yet another embodiment" or "in other embodiments", each of which may refer to one or more of the same or different embodiments according to this application.
The network-based data processing method of an embodiment of this application can be applied in an electronic device. While a user accesses a target device over the network, the electronic device can process the data involved; for example, an electronic device such as a firewall can process data while the user interacts with the target device over the network. As shown in Fig. 1, the data processing method comprises the following steps:
S1: intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information that characterizes the type of the target packet.
When using the network, a user can send a target packet (also called a request message) to the target device through a client or similar. If it is not intercepted, the target packet is sent to the target device and the target device responds, which realizes the data interaction. In this embodiment the target packet is intercepted before it is sent out, for example by a firewall device that intercepts the target packet issued by the user. Specific first data is extracted from the target packet. The first data is data that every target packet has, that is, content that the packet's data structure must contain, such as the header data in an HTTP packet: whatever content the user's packet carries, it always contains this first data, and the first data holds numerous data parameters of the target packet. In this embodiment, the first type information, which indicates the type of the target packet, can be obtained from among these data parameters, giving the originally recorded type of the target packet, such as the jpeg type, json type or doc type.
S2: obtain, according to the recorded content of the first data, second type information of the current message body in the target packet.
The first data is content that the target packet's data structure must contain. Its recorded content includes some data parameters of the target packet that are associated with other data in the packet, distinct from the first data, and information about that other data can be obtained from these parameters. In one embodiment, the second data of the target packet is the message body (also called the request data, such as the BODY data in an HTTP packet), which is the substantive data content of the target packet. The recorded content of the first data holds information about the message body, so the message body can be located in the target packet through the recorded content of the first data.
Once the message body is found, its data type can be judged from its data content and the second type information generated. Because the message body is the current substantive content of the target packet, the second type information indicates the substantive data type of the intercepted target packet, such as the jpeg type, json type or doc type.
S3: judge, according to the first type information and the second type information, whether the intercepted target packet meets a preset pass condition, and process the target packet according to the judgment result.
Specifically, the preset pass condition can be set according to actual needs, for example according to the data types that need to be intercepted, or to intercept packets issued using a particular network technology. The user can of course also modify the content of the preset pass condition as needed. In this embodiment, whether the intercepted target packet meets the preset pass condition is judged from the first type information and the second type information, and the judgment can follow various logic. For example, the target packet is considered to meet the preset pass condition if the first type information and the second type information both belong to types that are allowed to pass. Alternatively, the first type information is compared with the second type information: if their content is the same, the target packet is considered not to be performing deception and therefore to meet the preset pass condition; if their content differs, the target packet is considered to be performing deception and therefore not to meet the preset pass condition. In this embodiment the target packet is processed according to the judgment result: for example, if the pass condition is met, the target packet is allowed to be sent to the target device; otherwise it is forbidden from being sent.
It can be seen that the data processing method of this embodiment is simple and easy to use. It can intercept packets sent to a target device and accurately judge whether a packet meets the preset pass condition, in particular whether the packet was constructed using HTTP tunneling, and process it accordingly, avoiding missed detections and false positives and effectively improving network security.
In one embodiment of this application, as shown in Fig. 2, judging, according to the first type information and the second type information, whether the intercepted target packet meets the preset pass condition, and processing the target packet according to the judgment result, comprises:
S31: obtain, based on the first type information, the first feature code corresponding to the first type information from a preset feature library;
S32: compare the first feature code with the second type information and, when the content they characterize is the same, judge that the target packet meets the preset pass condition.
The preset feature library is a database that the user sets up in advance according to actual needs. It stores information about the packets to be analyzed, including packet types and the characteristic information corresponding to each type, such as the header data, the data type field in the header data, the feature code of the packet type, the length of the feature code and the format of the feature code. Which packets have their information stored in the preset feature library can be defined according to the user's actual needs; for example, the library can store information about frequently used packets, or about packets that are prone to security problems.
The first type information corresponds to a first feature code; in one embodiment this correspondence is unique. In this embodiment, the first feature code corresponding to the first type information is looked up in the preset feature library. The first feature code that is found is the original feature code that the user preset for the target packet; it can be regarded as the correct feature code for the type of the target packet, and the first type information together with its first feature code can be regarded as baseline data. The second type information describes the actual type of the target packet, that is, the actual type of the packet the current user is about to send. When the first feature code is compared with the second type information and the content they characterize is the same, the target packet about to be sent can be considered not to be performing deception, for example not using HTTP tunneling, so it is considered to meet the preset pass condition. If the content differs after comparison, the target packet is considered to be performing deception, for example using HTTP tunneling, which may bring risk to network security, so it is considered not to meet the preset pass condition and is not allowed to be sent.
Preferably, the data processing method further comprises the following step: when the first feature code corresponding to the first type information is not found in the preset feature library, the target packet is considered to meet the preset pass condition.
Specifically, if the preset feature library stores no information for the first type information, including no corresponding first feature code, then the user regards the target packet corresponding to that first type information as data of a safe type, or as data that does not need to be monitored. The target packet can be passed directly, that is, it is considered to meet the preset pass condition and is let through. This embodiment determines the monitored objects more precisely, which effectively improves processing efficiency.
In one embodiment of this application, obtaining the second type information of the current message body in the target packet is specifically: determining the data characteristics of the message body and generating a corresponding second feature code according to the data characteristics, wherein the second feature code characterizes the type of the message body. Specifically, the message body (also called the request data, such as the BODY data in an HTTP packet) is the substantive data content of the target packet. The data characteristics of the message body include various data parameters, such as the second type information; they represent the current actual characteristics of the target packet, including data parameters that may cause network security problems. In this embodiment, a corresponding second feature code can be generated from the data characteristics of the message body. For example, if the data characteristic is the second type information, the second feature code corresponding to that second type information is generated, and the second feature code characterizes the current actual data type of the target packet.
In one embodiment of this application, as shown in Fig. 3, processing the target packet according to the judgment result comprises:
S33: when the target packet meets the preset pass condition, pass the target packet so that it is sent to the target device;
S34: when the target packet does not meet the preset pass condition, discard the target packet, wherein the preset pass condition includes that the target packet is not a packet constructed using an HTTP tunnel.
Specifically, when the target packet meets the preset pass condition, it is considered not to pose a network security problem, and the electronic device such as a firewall can be made to pass the intercepted target packet so that it is sent to the target device. This satisfies the user's request, and the target device can respond according to the target packet it receives, achieving network-based data interaction. When the target packet does not meet the preset pass condition, it is discarded, which prevents the network security problems that sending it could cause, such as theft of user information, propagation of computer viruses or tampering with data. In addition, in this embodiment the preset pass condition includes that the target packet is not a packet constructed using an HTTP tunnel: a target packet judged not to have been constructed using HTTP tunneling can be passed, while a target packet that the above data processing method identifies as constructed using HTTP tunneling is considered unsafe and is discarded. HTTP tunneling means encapsulating all the data to be transmitted in the HTTP protocol for transmission. HTTP tunneling supports almost all forms of network access, such as dial-up, ADSL, cable modem, NAT transparent proxies, HTTP GET-type and CONNECT-type proxies, SOCKS4 proxies and SOCKS5 proxies. An illegitimate user can therefore use HTTP tunneling to undermine network security. For example, the IE proxy portion can be set in the HTTP packet with the external port set to 80, and the user's own trojan then injected into the IE process, so that the firewall cannot tell that it is actually the trojan that is sending packets.
In one embodiment of this application, intercepting the target packet, extracting the specific first data from the target packet, and obtaining from the first data the first type information that characterizes the type of the target packet is specifically: intercepting a target packet based on the HTTP protocol, extracting the header data from the target packet, and obtaining from the header data a first field that characterizes the type of the target packet.
Specifically, the header data contains multiple parameters, such as Accept: the MIME types the browser accepts; Accept-Charset: the character sets the browser accepts; Accept-Encoding: the data encodings the browser is able to decode; Accept-Language: the language the browser prefers, used when a target device such as a server can provide versions in more than one language; Authorization: authorization information, typically sent in response to a WWW-Authenticate header from a target device such as a server; Content-Length: the length of the request message body; Content-Type: the MIME type of the document that follows; SetContent-Type: sets the Content-Type header data; and so on. In this embodiment, the first field that characterizes the type of the target packet is obtained from the header data, for example the Content-Type field, and the first type information is obtained from the Content-Type field.
In one embodiment of this application, obtaining, according to the recorded content of the first data, the second type information of the current message body in the target packet comprises: determining the message body in the target packet according to the length field in the header data, so as to obtain the second type information of the message body. For example, the BODY part of the target packet, that is, the actual request data, is determined from the Content-Length field in the header data, and the actual type of the message body is then determined from that BODY part.
The data processing method is described below with a specific embodiment and with reference to Fig. 4. The target packet is intercepted and checked to see whether it is a packet based on the HTTP protocol. If it is, the content-type and content-length fields are extracted from the header information of the target packet. The BODY part of the HTTP packet (message) is extracted according to the value in the extracted content-length field. The type data in the extracted content-type field is used to query the preset feature library that has already been built, looking up the first feature code corresponding to that type data. If no first feature code is found, the target packet is passed. If the first feature code for the data type is found, the following steps are carried out: the extracted BODY part of the HTTP packet (message) is parsed and a corresponding second feature code is generated, and the second feature code is compared with the first feature code corresponding to the type data in the content-type field to judge whether they are the same (that is, whether the preset pass condition is met). If they are the same, the target packet is considered not to use the HTTP TUNNEL technique (HTTP tunneling) and is passed; otherwise the target packet is considered to have used the HTTP TUNNEL technique (HTTP tunneling) and is discarded.
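The Fig. 4 flow can be sketched as follows. This is an added example, not code from the patent: the feature library entries (leading magic bytes per media type), the verdict names, the sample requests and the fail-closed handling of a bad Content-Length are all assumptions of this example.

```python
# Added example (not from the patent): declared-type vs. body-signature check.
PASS, DROP, SKIP = "pass", "drop", "skip"  # verdict names are assumptions

# Preset feature library: declared media type -> first feature code, modelled
# here as (offset, magic bytes). Types that are not listed are not monitored.
FEATURE_DB = {
    "image/jpeg": (0, b"\xff\xd8\xff"),
    "image/png": (0, b"\x89PNG\r\n\x1a\n"),
    "application/pdf": (0, b"%PDF-"),
}


class NotHttp(ValueError):
    """The intercepted bytes are not a parseable HTTP/1.x request."""


def parse_request(raw: bytes):
    """Return (headers, bytes after the header block) for a raw request."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise NotHttp("no end of header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise NotHttp("bad request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise NotHttp("bad header line")
        key = name.strip().lower().decode("latin-1")
        headers[key] = value.strip().decode("latin-1")
    return headers, rest


def second_feature_code(body: bytes, offset: int, size: int) -> bytes:
    """Derive the body's feature code: the bytes where the signature should sit."""
    return body[offset:offset + size]


def decide(raw: bytes) -> str:
    """Apply the Fig. 4 flow to one intercepted request."""
    try:
        headers, rest = parse_request(raw)
    except NotHttp:
        return SKIP  # assumption: non-HTTP traffic is left to other rules

    # First type information: the declared Content-Type, parameters stripped.
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    entry = FEATURE_DB.get(declared)
    if entry is None:
        return PASS  # no first feature code in the library: pass unchecked

    # Locate the BODY via Content-Length. Failing closed on a malformed or
    # overstated length is an assumption; the patent does not cover this case.
    length = headers.get("content-length", "")
    if not (length.isascii() and length.isdigit()) or int(length) > len(rest):
        return DROP
    body = rest[:int(length)]

    offset, first_code = entry
    actual = second_feature_code(body, offset, len(first_code))
    return PASS if actual == first_code else DROP


def build_request(ctype: str, body: bytes, length=None) -> bytes:
    """Construct a sample request (constructed test data, not captured traffic)."""
    n = len(body) if length is None else length
    head = ("POST /upload HTTP/1.1\r\nHost: example.test\r\n"
            f"Content-Type: {ctype}\r\nContent-Length: {n}\r\n\r\n")
    return head.encode("latin-1") + body


# Constructed samples covering each branch of the flow.
SAMPLES = {
    "genuine jpeg": build_request("image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    "jpeg header, other body": build_request("image/jpeg", b"constructed tunnel frame"),
    "unmonitored type": build_request("text/plain", b"hello"),
    "overstated length": build_request("image/png", b"\x89PNG\r\n\x1a\n", length=64),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {decide(raw)}")
```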
An embodiment of the present application also provides an electronic device, as shown in Fig. 5, comprising:
An acquisition module, configured to intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information characterizing the type of the target packet; and, according to the recorded content of the first data, obtain second type information of the current message body in the target packet.
When using the network, a user can send a target packet (also called a request message) to a target device through a client or the like. If it is not intercepted, the target packet reaches the target device and the target device responds, which realizes data exchange. In this embodiment, the acquisition module intercepts the target packet before it is sent out; for example, the acquisition module intercepts the target packet sent by the user by means of a firewall device. The acquisition module extracts specific first data from the target packet. The first data is data that every target packet has, that is, content that must be present in the data structure of the target packet, such as the header data in an HTTP packet: whatever content the packet sent by the user carries, it always contains the first data, and the first data contains numerous data parameters of the target packet. In this embodiment, the first type information, which expresses the type of the target packet, can be obtained from these data parameters in the first data, giving the initially recorded type of the target packet, such as jpeg type, json type, doc type and so on.
The acquisition module obtains the second type information of the current message body in the target packet according to the recorded content of the first data. The first data is content that must be present in the data structure of the target packet, and its recorded content contains some data parameters of the target packet. These data parameters are associated with other data in the target packet, different from the first data, and the relevant information about that other data can be obtained from them. In one embodiment, the second data of the target packet is the message body. The message body (also called request data, such as the BODY data in an HTTP packet) is the substantive data content of the target packet, and the recorded content of the first data records relevant information about the message body, so the message body can be located in the target packet through the recorded content of the first data.
After the message body is found, the data type of the message body can be judged based on its data content, and the second type information generated. Since the message body is the current substantive content of the target packet, the second type information makes it possible to determine the substantive data type of the intercepted target packet, such as jpeg type, json type, doc type and so on.
A processing module, configured to judge, according to the first type information and the second type information, whether the intercepted target packet meets a preset clearance condition, and to process the target packet according to the judgment result.
Specifically, the preset clearance condition can be set according to actual needs, for example according to the data types that need to be intercepted, or so as to intercept packets sent using a particular network technique; the user can of course also modify the content of the preset clearance condition as needed. In this embodiment, the processing module can judge, according to the first type information and the second type information, whether the intercepted target packet meets the preset clearance condition, and this judgment can follow several kinds of logic. For example, the target packet is considered to meet the preset clearance condition if the first type information and the second type information both belong to types that are allowed through. Alternatively, the first type information is compared with the second type information: when their content is identical, the target packet is considered not to have carried out a deception and therefore to meet the preset clearance condition; when their content is not identical, the target packet is considered to have carried out a deception and therefore not to meet the preset clearance condition. The processing module in this embodiment processes the target packet according to the judgment result: if the clearance condition is met, the target packet is allowed to be sent to the target device; otherwise the target packet is prohibited from being sent.
It can be seen that the electronic device of this embodiment processes data in a way that is simple and easy to use. It can intercept packets sent to the target device and accurately judge whether a packet meets the preset clearance condition; in particular, it can accurately judge whether a packet is one built on the HTTP tunneling technique and handle it accordingly, avoiding missed reports and false reports and effectively improving network security.
In one embodiment of the present application, the processing module is further configured to:
obtain the first feature code corresponding to the first type information from the preset feature library, based on the first type information;
compare the first feature code with the second type information, and, when the content the two characterize is identical, judge that the target packet meets the preset clearance condition.
The preset feature library is a database set up in advance by the user according to actual needs. It stores relevant information about the packets to be analysed, including the type of a packet and the feature information corresponding to that type, such as the header data, the type in the data type field of the header data, the feature code of the packet, the length of the feature code, and the format of the feature code. In addition, which packets have their relevant information stored in the preset feature library can be defined by the user according to actual use: for example, it can store the relevant information of frequently used packets, or of packets prone to security problems, and so on.
The first type information corresponds to the first feature code; in one embodiment, the first type information and the first feature code correspond uniquely. In this embodiment, the processing module looks up the first feature code corresponding to the first type information in the preset feature library. The first feature code found is the original feature code preset by the user for the target packet; it can be regarded as the correct feature code for the type of the target packet, and the first type information and its first feature code can be regarded as baseline data. The second type information is the information of the actual type of the target packet, that is, the actual type information of the target packet that the current user is about to send. When the processing module compares the first feature code with the second type information and the content the two characterize is identical, the target packet about to be sent can be considered not to have carried out a deception, for example not to use the HTTP tunneling technique, and the target packet is considered to meet the preset clearance condition. If the content is not identical after comparison, the target packet is considered to have carried out a deception, for example to have used the HTTP tunneling technique, which may bring risk to network security; the target packet is then considered not to meet the preset clearance condition and is not allowed to be sent.
In one embodiment of the present application, the processing module is further configured to: when the first feature code corresponding to the first type information is not found in the preset feature library, consider that the target packet meets the preset clearance condition.
Specifically, if the preset feature library does not store the relevant information of the first type information, including the first feature code corresponding to it, that is, the processing module does not find the first feature code in the preset feature library, then the user regards the target packet corresponding to that first type information as data of a safe type, or as data that does not need to be monitored. The target packet can be let through directly, that is, it is considered to meet the preset clearance condition and is let through. This embodiment can determine the monitored objects more precisely and thereby effectively improve processing efficiency.
In one embodiment of the present application, the acquisition module is further configured to: determine the data features of the message body and generate a corresponding second feature code according to the data features, wherein the second feature code is used to characterize the type of the message body.
In one embodiment of the present application, the processing module is further configured to: when the target packet meets the preset clearance condition, let the target packet through so that it is sent to the target device; when the target packet does not meet the preset clearance condition, discard the target packet; wherein the preset clearance condition includes that the target packet is not a packet built on an HTTP tunnel.
In one embodiment of the present application, the acquisition module is further configured to: intercept a target packet based on the HTTP protocol, extract the header data in the target packet, and obtain from the header data a first field characterizing the type of the target packet.
In one embodiment of the present application, the acquisition module is further configured to: determine the message body in the target packet according to the length field in the header data, so as to obtain the second type information of the message body.
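As an added illustration (not code from the patent), the flow of the Fig. 4 embodiment and the acquisition/processing split of the device embodiments can be written in Python as follows. The feature library contents, the use of file-format magic bytes as the feature code, the verdict names and the fail-closed handling of a missing or unusable content-length are assumptions of this example; chunked bodies are not handled because the page relies on content-length.

```python
# Added example: Content-Type / body consistency check for HTTP messages.
# FEATURE_LIBRARY stands in for the "preset feature library"; using file-format
# magic bytes as the feature code is an assumption of this example.
FEATURE_LIBRARY = {
    "image/jpeg": b"\xff\xd8\xff",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/gif": b"GIF8",
    "application/pdf": b"%PDF-",
}
PASS, DROP, NOT_HTTP = "pass", "drop", "not-http"


def split_http_message(raw: bytes):
    """Acquisition step: return (headers, bytes after the blank line), or None
    when raw does not look like an HTTP/1.x message."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep or b"HTTP/1." not in lines[0]:
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    return headers, rest


def check_message(raw: bytes) -> str:
    """Processing step: verdict for one intercepted message."""
    parsed = split_http_message(raw)
    if parsed is None:
        return NOT_HTTP  # assumption: non-HTTP traffic is left to other rules
    headers, rest = parsed
    # First type information: declared media type, parameters stripped.
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    first_code = FEATURE_LIBRARY.get(declared)
    if first_code is None:
        return PASS  # type not in the library: not monitored
    try:
        length = int(headers.get("content-length", ""))
    except ValueError:
        return DROP  # assumption: fail closed when the length is unusable
    if length < 0:
        return DROP
    body = rest[:length]  # BODY bounded by Content-Length
    # Second feature code: the same number of leading bytes of the real body.
    second_code = body[:len(first_code)]
    return PASS if second_code == first_code else DROP


def build_request(content_type: str, body: bytes) -> bytes:
    """Constructed sample input, not captured traffic."""
    head = ("POST /upload HTTP/1.1\r\nHost: example.test\r\n"
            f"Content-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


if __name__ == "__main__":
    samples = {
        "real jpeg": build_request("image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        "mislabelled": build_request("image/jpeg", b"opaque non-image payload"),
        "unlisted type": build_request("application/x-unlisted", b"anything"),
    }
    for label, raw in samples.items():
        print(label, "->", check_message(raw))
```

A body that continues in later packets is still checked, because only the leading bytes are needed to form the second feature code.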
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the application; the scope of protection of the application is defined by the claims. Those skilled in the art may make various modifications or equivalent replacements to the application within its spirit and scope of protection, and such modifications or equivalent replacements shall also be regarded as falling within the scope of protection of the application.

Claims (10)

1. A network-based data processing method, characterized in that the method comprises:
intercepting a target packet, extracting specific first data from the target packet, and obtaining from the first data first type information characterizing the type of the target packet;
obtaining, according to the recorded content of the first data, second type information of the current message body in the target packet;
judging, according to the first type information and the second type information, whether the intercepted target packet meets a preset clearance condition, and processing the target packet according to the judgment result.
2. The method according to claim 1, characterized in that judging, according to the first type information and the second type information, whether the intercepted target packet meets the preset clearance condition, and processing the target packet according to the judgment result, comprises:
obtaining the first feature code corresponding to the first type information from a preset feature library, based on the first type information;
comparing the first feature code with the second type information, and, when the content the two characterize is identical, judging that the target packet meets the preset clearance condition.
3. The method according to claim 2, characterized in that the method further comprises:
when the first feature code corresponding to the first type information is not found in the preset feature library, considering that the target packet meets the preset clearance condition.
4. The method according to claim 1, characterized in that obtaining the second type information of the current message body in the target packet is specifically:
determining the data features of the message body and generating a corresponding second feature code according to the data features, wherein the second feature code is used to characterize the type of the message body.
5. The method according to claim 1, characterized in that processing the target packet according to the judgment result comprises:
when the target packet meets the preset clearance condition, letting the target packet through so that it is sent to the target device;
when the target packet does not meet the preset clearance condition, discarding the target packet, wherein the preset clearance condition includes that the target packet is not a packet built on an HTTP tunnel.
6. The method according to claim 1, characterized in that intercepting the target packet, extracting specific first data from the target packet, and obtaining from the first data the first type information characterizing the type of the target packet is specifically:
intercepting a target packet based on the HTTP protocol, extracting the header data in the target packet, and obtaining from the header data a first field characterizing the type of the target packet.
7. The method according to claim 6, characterized in that obtaining, according to the recorded content of the first data, the second type information of the current message body in the target packet comprises:
determining the message body in the target packet according to the length field in the header data, so as to obtain the second type information of the message body.
8. An electronic device, characterized by comprising:
an acquisition module, configured to intercept a target packet, extract specific first data from the target packet, and obtain from the first data first type information characterizing the type of the target packet; and, according to the recorded content of the first data, obtain second type information of the current message body in the target packet;
a processing module, configured to judge, according to the first type information and the second type information, whether the intercepted target packet meets a preset clearance condition, and to process the target packet according to the judgment result.
9. The electronic device according to claim 8, characterized in that the processing module is further configured to:
obtain the first feature code corresponding to the first type information from a preset feature library, based on the first type information;
compare the first feature code with the second type information, and, when the content the two characterize is identical, judge that the target packet meets the preset clearance condition.
10. The electronic device according to claim 9, characterized in that the processing module is further configured to:
when the first feature code corresponding to the first type information is not found in the preset feature library, consider that the target packet meets the preset clearance condition.
Application number: CN201910599639.9A
Priority date: 2019-07-04
Filing date: 2019-07-04
Title: A kind of network-based data processing method and electronic equipment
Status: Pending
Publication number: CN110311850A (en)
Publication date: 2019-10-08
Family ID: 68078996
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191008